CVE-2020-12823

OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c.

CVE-2020-12105

OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in performing man-in-the-middle attacks.

CVE-2013-7098

OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection.